Thumbs down (shutterstock image)

States resist ‘critical infrastructure’ designation for election systems

Despite the attempted hacks into state voter registration systems, a group of state officials voted to oppose a federal critical infrastructure designation covering their election systems.

The National Association of Secretaries of State voted on Feb. 18 to oppose the Department of Homeland Security's late January designation of state election systems as federally protected "critical infrastructure." The designation puts election systems on similar footing as systems in the energy and financial services sectors.

NASS issued a resolution opposing the designation and voted over the weekend to create a task force to work with federal agencies and stakeholders on election system cybersecurity issues.

While some states, like Arizona, took DHS up on its offer to provide cybersecurity scans of some of their systems in the wake of attempted hacks into state voter registration systems, others are very wary of letting federal agencies into state-managed facilities for fear of, or the impression of, federal influence or management.

During the recent NASS winter meeting, Connecticut Secretary of State Denise Merrill called the DHS designation "a broad new role for the federal government" and said she was still looking for a written guidance from the agency on what the designation means.

Those concerns, Kay Stimson, NASS director of communications told FCW on Feb. 22, led to the resolution. States, she said, aren't bound by the document, but the organization wants to signal to the new administration that the designation isn't necessary.

"We want to send a loud and clear message to rescind the designation," she said.           

Transparency, she said, is the heart of the election system. That transparency could be clouded -- in reality or in the minds of voters -- because of the federal designation.  She said states are willing to work with federal partners, but the designation carries too much baggage and uncertainty related to the federal government's exact role.

White House deputy director of intergovernmental affairs, Billy Kirkland, was at the NASS meeting and indicated he wanted to talk further about the designation, according to Stimson. The organization has not yet contacted the White House to set a meeting, she said, but states could also reach out.

During the meeting last week, Merrill contended that states already have many of the same cyber capabilities that DHS offers and can marshal better information in some cases. They have been effective in tracking down cyber threats.

In January, Georgia Secretary of State Brian Kemp called the DHS designation a "blatant overreach" and later asked for an investigation into what he called "doorknob rattling" on his state’s firewall by DHS in the run up to the election last fall. His state IT team detected the attempts.

Stimson told FCW that Indiana's IT staff tracked similar scan attempts on its facilities in the same period the same DHS IP address.

"What problems does [the designation] solve?" she asked. Work by state IT teams and local FBI offices on cyber issues has been productive, she said. The category of possibly vulnerable election equipment is very small, and the dangers have been overstated, she said.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


inside gcn

  • cloud migration (deepadesigns/Shutterstock.com)

    How agencies decide when moving to the cloud makes sense

Reader Comments

Fri, Feb 24, 2017 DrK

I believe that the processes and technology used by State, County, and local election boards should be evaluated for reliability and security with some sort of process. Perhaps NIST could provide guidance. I have seen the election systems of a few states and their technologies in my mind are susceptible to improprieties.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group